URL Filtering Decision Flow


When we look at providing enhanced security to SaaS apps with the Citrix Access Control service, I focused on three aspects:

  1. SSO to SaaS and web apps
  2. Enhanced security for SaaS and web apps
  3. URL filtering within SaaS and web apps

As we’ve seen with URL filtering, we can allow, deny or redirect specific websites or website categories (adult, malware, peer-to-peer, social media, news, etc).

But, how would I configure URL filtering where I want to do the following: Deny access to all social media sites EXCEPT Twitter

The deny portion is easy if we use the social media category, but simply denying the social media category will also deny access to Twitter.

In order to do this, we need to better understand the URL analysis flow of Access Control. 


Access Control goes through this decision flow to determine if a request should be allowed, denied or redirected.  Once Access Control gets a match, the analysis stops.

Based on the flow, in order for us to Deny access to all social media sites EXCEPT Twitter, we would configure the following

  • Deny Category: Social Media
  • Allow URL: *.twitter.com

A few interesting points on the decision flow:

  1. You can’t block a URL related to Citrix cloud services, because you will most likely break your workspace.
  2. You can’t block a URL related to your SaaS apps, because you will most likely break the SaaS app.
  3. URLs not defined are allowed

Daniel (Follow on Twitter @djfeller)
Citrix Workspace Poster
XenApp/XenDesktop On-Prem Poster
XenApp/XenDesktop Cloud Service Poster

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Create a free website or blog at WordPress.com.

Up ↑

%d bloggers like this: